Cybersecurity is a critical component of national security, economic stability and public safety in the U.S. As the digital landscape continues to evolve, so too do the threats posed by cyber attacks.
In the past few years, we have had a firsthand look at the impact cyber attacks can have on everyday life. For example:
- December 2024: PowerSchool data breach. Leaked credentials and lack of multi-factor authentication (MFA) allowed a threat actor to gain access to the company’s Student Information System (SIS), which housed sensitive information for 60-plus million students across more than 16,000 customers.
- February 2024: Change Healthcare ransomware attack. The attack on the major healthcare technology company is attributed to threat actor BlackCat (also known as AlphV) and was made possible by stolen credentials and Change Healthcare’s lack of MFA. The effect was significant, far-reaching and long-lasting, including compromised sensitive data of 190 million people and extensive disruptions to patient scheduling services, pharmacy operations and billing operations.
- May 2021: Colonial Pipeline ransomware attack. This well-known attack is attributed to the Ransomware-as-a-Service (RaaS) group DarkSide, which forced Colonial Pipeline to shut down all pipeline operations, resulting in major fuel shortages across the eastern U.S.
- December 2020: SolarWinds cyber hack. It is considered to be one of the most impactful cyber events, as the hacker group APT29 (also known as Cozy Bear) injected malicious code into SolarWinds IT monitoring and management software, causing a supply chain incident that affected thousands of U.S. government agencies and large commercial organizations.
To address these challenges, various U.S. federal agencies have been designated as Sector Risk Management Agencies (SRMAs) to play a pivotal role in safeguarding the nation’s critical infrastructure sectors and improving cyber resilience.
What are Sector Risk Management Agencies (SRMAs)?
SRMAs are federal agencies laid out by the National Security Memorandum on Critical Infrastructure Security and Resilience-22 (NSM-22) to serve as the lead entities responsible for coordinating security and resilience efforts across specific critical infrastructure sectors. These sectors include energy, healthcare, financial services, transportation, water systems and more.
The primary function of SRMAs is to work with public and private stakeholders to manage risks, enhance resilience and respond effectively to cyber incidents.
Despite their critical role, SRMAs face several challenges:
- Evolving threat landscape: Cyber threats continue to grow in sophistication, requiring SRMAs to constantly adapt their strategies.
- Resource constraints: Many SRMAs face funding and staffing limitations, which can hinder their ability to carry out their missions effectively.
- Inter-sector dependencies: The interconnected nature of critical infrastructure sectors means disruptions in one sector can cascade into others, complicating risk management efforts.
- Coordination across stakeholders: Achieving seamless collaboration between federal agencies, state and local governments, and private entities can be challenging.
How can SRMAs benefit from leveraging publicly available information?
Publicly available information can be a powerful tool for SRMAs in overcoming the challenges they face. By leveraging open-source intelligence (OSINT), SRMAs can:
- Enhance threat awareness: Monitoring public forums, social media and dark web activities can provide early indicators of potential cyber threats and vulnerabilities, enabling proactive risk mitigation.
- Improve resource allocation: Publicly available data on past incidents, sector trends and emerging technologies can help SRMAs prioritize resources and develop targeted strategies.
- Foster transparency and trust: Sharing non-sensitive findings and actionable guidance derived from public information can strengthen collaboration with private sector partners and build trust among stakeholders.
- Support training and education: Public resources, such as webinars, case studies and best practice guides, can be used to educate stakeholders across sectors about emerging risks and effective defense mechanisms.
The role of AI in transforming cyber threat detection
Artificial intelligence (AI) is revolutionizing cybersecurity by enhancing the speed and accuracy of threat detection. SRMAs can integrate AI-powered tools into their strategies to:
- Analyze large data sets: AI enables the processing of vast amounts of data from multiple sources, identifying patterns and anomalies that may indicate potential cyber threats.
- Enhance predictive capabilities: Machine learning algorithms can forecast emerging threats based on historical data, allowing SRMAs to anticipate and mitigate risks before they materialize.
- Automate threat response: AI-driven automation can streamline the response process, reducing the time required to neutralize cyber threats and minimize damage.
- Improve collaboration: AI-powered platforms facilitate real-time information sharing and analysis across sectors, enhancing coordinated efforts to combat cyber risks.
For example, AI technologies can monitor external cyber threats in publicly available data, such as the deep and dark web, sensors, public forums, and traditional and alternative social media, providing early warnings and enhancing situational awareness of cyber threats both within and across critical infrastructure sectors.
These tools not only reduce the workload on cybersecurity teams, but also improve the resilience of critical infrastructure.
SRMAs remain essential
As cyber threats continue to pose significant risks to the nation’s critical infrastructure, the role of U.S. federal SRMAs in cybersecurity remains indispensable. By leveraging their sector-specific expertise, fostering public-private partnerships and enhancing risk management capabilities, SRMAs contribute significantly to the nation’s cyber resilience.
The strategic use of publicly available information and AI-powered technologies can further empower SRMAs to address challenges, improve transparency and strengthen the collaborative efforts needed to safeguard the digital ecosystem.